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after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 
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DETAILED ACTION 
Response to Arguments 

Applicant's arguments filed 11/1 1/2008 have been fully considered but they are 

not persuasive. 

Applicant first cites the claim limitation "the at least one security rule relating to 
the at least one second logically protected computing compartment is only arranged to 
be loaded onto said trusted computing platform if one or more services or processes 
associated therewith are enabled." 

The Applicant then argues "In other words, claim 1 recites wherein security rules 
are only loaded onto said trusted computing platform if one or more services associated 
with the rules are enabled (pg. 2 of Remarks)." 

The Examiner respectfully disagrees. The claim limitation requires "the at least 
one security rule relating to the... compartment is only arranged to be loaded onto said 
trusted computing platform if one or more services or processes associated are 
enabled." 

In other words, the claim language never explicitly loads the rules. Instead the 
rules are ready to be loaded (i.e. "arranged to be loaded"). Any arguments deriving from 
loading rules into compartments are considered spurious. 

Applicant argues that Griffin "appears to indicate that the security module is 
merely a monitoring program that checks for the presence of previously loaded 
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rules... No mention is made of loading a rule based upon resources of a newly loaded 
compartment being enabled, (pg. 3 of Remarks)." 

The Examiner respectfully disagrees. In the cited section Griffin teaches "access 
control checks are performed such as through the use of hooks to a dynamically loaded 
security module that consults a table of rules indicating which compartments are 
allowed access the resources of another compartment (Non-Final, pg. 4, Griffin 
Paragraph [0068])." This explicitly teaches loading a rule based upon the resources of a 
compartment being enabled. 

The remaining arguments derive from the ones above and are rejected for the 
same rationale. 



Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

Claims 1-2, 10-12 are rejected under 35 U.S.C. 102(b) as being anticipated by 

Griffin. 
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Griffin (US 20020194496) teaches a system comprising a trusted computing platform 
including: 

at least one first logically protected computing compartment associated with 
initialization of said system and 

at least one second logically protected computing compartment, second logically 
computing compartment being associated with at least one service or process 

supported by said system, ("Each resource of the computing platform which it is desired to 
protect is given a label indicating the compartment to which that resource belongs. Mandatory 
access controls are performed by the kernel of the host operating system to ensure that 
resources from one compartment cannot interfere with resources from another compartment. " 
Paragraph [0034]) 

wherein the system is arranged to load onto said trusted computing platform a 
predetermined security policy including at least one security rule for controlling the 
operation of each of said logically protected computing compartments ("The actions or 
privileges within a component are constrained, particularly to restrict the ability of a 
process to execute methods and operations which have effect outside the 
compartment" Paragraph [0031]) The Examiner interprets the at least one security rule 
as each of the methods of each compartments are restricted within itself.; 

wherein the security rule relating to the at least one first logically protected 
computing compartment is arranged to be loaded onto said trusted computing platform 
when the system is initialized ("the trusted device performs a secure boot process when the 
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computing platform is reset to ensure that the host operating system of the platform is running 
properly and in a secure manner" Paragraph [0025]) and 

wherein the at least one security rule relating to the at least one second logically 
protected computing compartment is only arranged to be loaded onto said trusted 
computing platform if one or more services or processes associated therewith are 
enabled ("access control checks are performed such as through the use of hooks to a 
dynamically loaded security module that consults a table of rules indicating which compartments 
are allowed access the resources of another compartment. In the absence of a rule explicitly 
allowing a cross compartment access to take place, an access attempt is denied by the kernel" 
Paragraph [0036])("Multiple applications can be run on the guest operating system, each within 
a separate compartment of the guest operating system. This embodiment enables each 
computing environment to be subdivided" Paragraph [0068]) 

Regarding Claim 2, 

Griffin teaches a system according to claim 1 , wherein one or more common variable is 
defined for each compartment, wherein a relevant security rule is only arranged to be 
added if the variable associated with a particular compartment is enabled ("Each 
resource of the computing platform which it is desired to protect is given a label indicating the 
compartment to which that resource belongs. Mandatory access controls are performed by the 
kernel of the host operating system to ensure that resources from one compartment cannot 
interfere with resources from another compartment. Access controls can follow relatively simple 
rules, such as requiring an exact match of the label" Paragraph [0034]) 
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Regarding Claim 10, 

Griffin teaclies a system according to claim 1 , wherein the at least one compartment 

includes an operating system arranged to be controlled by the operating system 

kernel ("t/7e compartment is an operating system compartment controlled by a kernel of the host 

operating system" Paragraph [0032] of Griffin) 

Regarding Claim 11, 

Griffin teaches the system according to claim 1, including means for determining when a 
service is starting, and on being enabled, for loading the compartment associated with 

that service and loading the security rules associated with that service ("access control 
checks are performed such as through the use of hooks to a dynamically loaded security 
module that consults a table of rules indicating which compartments are allowed access the 
resources of another compartment. In the absence of a rule explicitly allowing a cross 
compartment access to take place, an access attempt is denied by the kernel" Paragraph 
[0036]) The Examiner interprets an access attempt for the service as "a service starting. " 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
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the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 3-9 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Griffin in view of Wiseman. 

Regarding Claim 3, 

Griffin teaches the system according to claim 2. Griffin does not explicitly teach wherein 
at least one variable associated with a directory of plug-ins is arranged to be added 
wherein the system is arranged to determine, in response to a compartment being 
enabled, a status of said at least one variable and cause a relevant plug-in based upon 
a directory of plug-ins to run only if an associated variable is 'true' 

Wiseman (20040003288) teaches at least one variable associated with plug-ins 
is arranged to be added wherein the system is arranged to determine in response to a 
compartment being enabled (The Main Platform Initialization Code perfornns necessary 
functions to complete the initialization of the platform. Such functions may include initializing 
devices embedded within the platform, and locating and initializing optional plug-in or 
embedded adapters (having their own device initialization code). After this, the Main Platform 
Initialization Code locates the OS Loader and executes it. The OS Loader, in turn, loads the 
OS into memory and begins executing the OS. At this point, the platform is considered in the 
OS-present state and is fully under control of the loaded OS) 
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It would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify Griffin to accept plugins during initialization as taught by Wiseman. 
The motivation is to extend the capabilities of the services. 

Regarding claim 5, 

Griffin and Wiseman teach a system according to claim 4, wherein the at least one 
compartment includes an operating system compartment arranged to be controlled by 

the operating system kernel ("the compartment is an operating system compartment 
controlled by a kernel of the host operating system" Paragraph[0032] of Griffin) 

Regarding Claim 6, 

Griffin and Wiseman teach a system according to claim 5, wherein the at least one 
compartment and network resources are arranged so communication between them is 
provided via relatively narrow kernel level controlled interfaces to a transport 

mechanism ("Communication between compartments is provided using narrow l<ernel level 
controlled interfaces to a transport mechanism such as TCP/UDP" Paragraph[0036] of Griffin) 



Regarding Claim 7, 
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Griffin and Wiseman teacli a system according to claim 6, wlierein said communication 
is governed by rules specified on a compartment by compartment basis ("'/Access to these 
communication interfaces is governed by rules specified on a compartment by compartment 
basis" Paragraph [0036]) of Griffin) 

Regarding Claims 8-9, 

Griffin and Wiseman teach a system according to claim 7, including means for 
determining when a service is starting, and on being enabled, for loading the 
compartment associated with that service and loading the at least one security rule 
associated with that service ("access control checks are performed such as through the use 
of hooks to a dynamically loaded security module that consults a table of rules indicating which 
compartments are allowed access the resources of another compartment. In the absence of a 
rule explicitly allowing a cross compartment access to take place, an access attempt is denied 
by the kernel" Paragraph [0036]) The Examiner interprets an access attempt for the service as 
"a service starting." 

Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
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mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to HARRIS C. WANG whose telephone number is 
(571)270-1462. The examiner can normally be reached on M-F 9-5:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, KAMBIZ ZAND can be reached on (571 ) 272-381 1 . The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/Harris C Wang/ 
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